OpenVPN-Gateway (Router) in a Jail

Status
Not open for further replies.

Moppen

Dabbler
Joined
Sep 27, 2016
Messages
48
Hi there,

until now I had this configuration on a Raspberry Pi, but I now wanted it to be in a jail for easier administration.
But I can't get it working. Maybe someone could have a look at my configuration and tell me what I am doing wrong?

OpenVPN is up and running, I have checked with "curl icanhazip.com".

rc.conf
Code:
portmap_enable="NO"
sshd_enable="NO"
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
hostname="OpenVPN"
devfs_enable="YES"
devfs_system_ruleset="devfsrules_common"
inet6_enable="YES"
ip6addrctl_enable="YES"

firewall_enable="YES"
firewall_type="/media/openvpn/ipfw_rules"

openvpn_enable="YES"
openvpn_if="tun"
openvpn_configfile="/media/openvpn/vpn.conf"
openvpn_dir="/media/openvpn"
cloned_interfaces="tun"

gateway_enable="YES"

ipfw list
Code:
[root@OpenVPN /]# ipfw list
65535 allow ip from any to any

sysctl net.inet.ip.forwarding
Code:
net.inet.ip.forwarding: 1

netstat -nr
Code:
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
0.0.0.0/1          10.54.2.145        UGS       tun0
default            192.168.178.1      UGS       epair0b
10.54.0.1/32       10.54.2.145        UGS       tun0
10.54.2.145        link#3             UH        tun0
10.54.2.146        link#3             UHS       lo0
127.0.0.1          link#1             UH        lo0
128.0.0.0/1        10.54.2.145        UGS       tun0
136.0.0.108/32     192.168.178.1      UGS       epair0b
192.168.178.0/24   link#2             U         epair0b
192.168.178.10     link#2             UHS       lo0


But my clients (this is the gateway) can't access the Internet via the gateway. I had a similar configuration running for years on a Raspberry, and now that I want to switch to a jail, I had a working jail for 2 days until I tampered with the NAT and VIMAGE settings in the WebGUI and so killed the then-working jail. I thought it would be no problem to set it up again, but I can't get it to work for hours now, and maybe I'm now "snowblind" to see the problem?

Regards,
Stefan
 

Moppen

Dabbler
Joined
Sep 27, 2016
Messages
48
Nobody has an idea? I updated the ipfw rules, but still no luck.
Code:
# ipfw list
02000 allow ip from 192.168.0.0/16 to 10.0.0.0/8 keep-state
04000 allow ip from 127.0.0.1 to any
05000 allow ip from 10.0.0.0/8 to any
05002 allow ip from any to 10.0.0.0/8
06000 allow ip from 192.168.0.0/16 to 192.168.0.0/16 keep-state
65534 allow ip from any to any
65535 allow ip from any to any
 

afmiller

Contributor
Joined
Dec 11, 2013
Messages
106
Nobody has an idea? I updated the ipfw rules, but still no luck.
Code:
# ipfw list
02000 allow ip from 192.168.0.0/16 to 10.0.0.0/8 keep-state
04000 allow ip from 127.0.0.1 to any
05000 allow ip from 10.0.0.0/8 to any
05002 allow ip from any to 10.0.0.0/8
06000 allow ip from 192.168.0.0/16 to 192.168.0.0/16 keep-state
65534 allow ip from any to any
65535 allow ip from any to any

Wanted to bump this. Did you get it working? I'm assuming you're trying to have a jail act as the OpenVPN vs. a server. Did you set up a warden or iocage jail? I was thinking about doing this myself to save on the Raspberry Pi.
 